A Norfolk company has lost $236,000 after a fake invoice from a hacked email account was paid out by an employee, according to Ontario Provincial Police.
Police say a business in southwestern Ontario reported the fraud, which allegedly began in mid-April when the outfit was contacted by a company in the United States.
An employee responsible for paying invoices received a pair of emails from the owner of the American business requesting that invoices be paid, police say.
After receiving a second invoice about an outstanding balance, the employee sent a payment of $236,000.
OPP say the employee then became suspicious and contacted the owner of the U.S. company.
It was later determined that the email address to which the payment was sent came from an account that had been compromised, police say.
Investigators call this sort of rip-off the “CEO scam.” It usually begins when a criminal poses as a company’s president or owner using a fake or hacked email account. That “owner” then writes directly to an employee responsible for arranging payments or transfers of funds to suppliers and attaches an invoice.
In light of this fraud investigation, OPP is urging businesses to be wary of such scams by:
- Educating employees about this scam and being skeptical of urgent or suspicious requests made by email
- Encouraging employees to communicate with managers if they feel a request seems unusual or suspicious
- Reaching out to the appropriate person if any doubts arise about an email that appears to be from someone at the company
- Having policies and procedures requiring more than one person to approve fund transfers
- Watching what employees share online. This information can be used to gain information about the company that can be used to target it
Anyone with information regarding this or similar incidents should contact OPP or call Crime Stoppers at 1-800-222-8477 (TIPS).
WATCH: Online rental scam warning for prospective tenants